White House warns of ‘threats’ from Microsoft email hackers

“This is a threat,” Jen Psaki, the White House press secretary, said Friday. “Anyone who uses these servers – whether they are government, private, academia – needs immediate action to fix it.”

Psaki’s warning, according to a tweet by National Security Adviser Jake Sullivan on Thursday evening, highlighted the concerns of the Biden administration. He urged IT administrators across the country to immediately install the software patch. Sullivan said the US government is following reports that United States think tanks may have been subjected to an attack, as well as “Agency base on defense industry.”

Later on Friday, the Cybersecurity and Infrastructure Security Agency highlighted the risk with unusual language, stating in a tweet that the malicious activity, if left unchecked, could be dangerous: “It allows attackers to control the entire network of the organization.”

In a rare step, White House officials have urged private-sector organizations running localized installations of Microsoft Exchange server software to install a number of important updates, released in what information security experts described as an emergency fix release.

Microsoft said a group of cyber attackers linked to China had attacked Exchange mail servers.
Cybersecurity company FireEye said Thursday it had identified a number of specific victims, including “US retailers, local governments, universities and engineering companies.”

John Kirby, the Pentagon press secretary, told reporters on Friday that the Department of Defense was working to determine if it had been negatively affected by the vulnerability.

“We’re aware, and we’re evaluating,” Kirby said. “And that’s as far as I can get right now.”

Microsoft disclosed this week that it was aware of a number of vulnerabilities in its server software exploited by Chinese hackers. In the past, Microsoft said, the responsible hacker group, which Microsoft calls Hafnium, had gone after “infectious disease researchers, law firms, higher education institutions, defense contractors, think tanks, and NGOs.” The group in question had not previously been publicly identified, according to Microsoft.
The announcement marks the latest information security crisis to hit the US after FireEye, Microsoft and others reported a suspected Russian hacking campaign that began with the infiltration of IT software company SolarWinds and led to the compromise of at least nine federal agencies and dozens of private businesses.

But the malicious activities revealed this week were not related to the SolarWinds hack, Microsoft said on Tuesday.

Microsoft generally releases software updates on the second Tuesday of every month. But in a sign of the seriousness of the threat, Microsoft released a patch addressing a new, previously undetected vulnerability a week early.

‘We urge network operators to take this matter seriously.’

The Department of Homeland Security also issued an emergency order on Tuesday requiring federal agencies to update their servers or disconnect them. It’s just the sixth such order since the creation of CISA in 2015 and the second in three months.

“We urge the operators to take this matter seriously,” Psaki said of the statement. The administration is concerned that there are “so many victims,” she added.

When Hafnium attackers hit an organization, Microsoft said, they were known to download information such as an address book and gain access to the user account database.

A Washington think tank worker told CNN that both her work and her personal email accounts were targeted by attackers. Microsoft sent her a warning that a foreign government was behind it, and AOL sent a similar notification for her personal account.

FBI agents then visited the person, appearing on her doorstep and stressing that it was a sophisticated hack by a foreign government and that an FBI investigation is underway across the country.

The attackers used their unauthorized access to send email to that person’s contacts, writing [the messages] “in such a way that the recipient will not suspect that I am the sender.” The fraudulent emails sent in that person’s name included an invitation to a meeting that does not exist and referred to an article in her name and a book in the name of a colleague, as though written by them.

Each message is accompanied by a link that the user is asked to click.

“This is true,” tweeted former CISA Director Christopher Krebs. “If your organization is running an OWA server that is exposed to the Internet, it is considered a compromise between 02/26-03/03.”
In its own advisory, CISA urged network security personnel to begin searching for evidence of intrusion going back to September 2020.

The U.S. government’s unusual public response to the incident surprised many experts, reflecting both the Biden administration’s focus on cyber issues compared to the Trump White House and the size of the threat.

“Is this the first time a national security advisor promotes a specific patch?” John Hultquist, vice president of FireEye’s Mandiant Threat Intelligence, wondered aloud.
“When you wake up [National Security Advisor] and [Press Secretary] Tweet about cyber,” Bailey Bicley, a senior spokesperson for the National Security Agency, tweeted, appending a “starstruck” emoji and referring to Sullivan’s tweet the night before.

CNN’s Michael Conte and Oren Liebermann contributed to this report.